A modern network can employ a number of different types of devices, such as routers, http-proxies, SOCKS/firewalls, DNS servers, etc., and various transmission paths between these network devices to couple various end nodes together. The ability to obtain a comprehensive list of end nodes to which a particular user was connected is becoming more and more important because of terrorism concerns, law-enforcement concerns, and concerns by companies that their standards of business conduct not be violated. Network infrastructure devices, such as those mentioned above, usually have the ability to log the nearest nodes to which transmissions that traverse them are coupled. However, the logs from numerous of these devices must be combined to obtain a comprehensive listing of the end-nodes to which any particular user had been connected since each individual device's log only provides a portion of the needed information.
Various software products are available which can be used to attempt to reconstruct a list of end nodes to which a particular user was connected. However, a given log-combining software product often only works for a subset of a particular vendors' devices, and even then an updated version of the software/firmware for a device can sometimes defeat the combining algorithm of the log-combining software. The connection list reconstruction is made all the more complicated as the connection between a user and another node can be made via a number of different paths in the network.